Malicious code in hardhat-evmchain (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f369bb56919b0bda50e063229cfaf0fd1b0481d62c6d5fbdf90eb6e5cd6ac6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @cplace-paw-fe/cf-training-extended (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c5db73fe2d964e3a417f9c13904b52af166bffa1edb36401e0dda939c281354 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tailwind-smooth-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613524a54cbd80614c087930d4df2de524b7a594cadc3469723bb38e5cc8516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5082 Malicious code in tailwind-smooth-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b613524a54cbd80614c087930d4df2de524b7a594cadc3469723bb38e5cc8516 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5061 Malicious code in chai-use-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 941306dd3e5d860872f10c80f8e3acd59cbc3b3d0c7bb00e229442b3af273989 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in private-next-instrumentation-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6453af923aa8f8a1c7ab67406fc29c333830e59f44ea080bbb5c3c6727e0aef2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in tailwind-clamps-line (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091842cb2bfe94e715b2bfec88b04625ea3350097c037d2b172483905633c20e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5071 Malicious code in gcp-api-enabler (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a14212abcc7c3f9f662ffcc18752c5fa10f94d07ef3b7c820637eea7d02c3ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in ethers-errors (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06fa972243b06dbbcbda81121dd063b2ebc5636ae92c0836617433beec35ed0c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

fox-foxone-exploit

markdown FoxFOXONE Driver Exploit Local privilege escalat...

CVE-2026-48811 FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

CVE-2026-49386

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

WordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bima Ikhsan in WordPress Plugin WCFM Membership versions = 2.11.10...

EUVD-2026-33393

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

CVE-2026-49386

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...

CVE-2026-49386

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...